Source: intel-microcode
Version: 3.20231114.1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 3.20231114.1~deb12u1
Control: found -1 3.20231114.1~deb11u1

Hi,

The following vulnerabilities were published for intel-microcode.

CVE-2023-43490[0], CVE-2023-39368[1], CVE-2023-38575[2], CVE-2023-22655[3] and CVE-2023-28746[4].

If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-43490
    https://www.cve.org/CVERecord?id=CVE-2023-43490
    https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01045.html
[1] https://security-tracker.debian.org/tracker/CVE-2023-39368
    https://www.cve.org/CVERecord?id=CVE-2023-39368
    https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00972.html
[2] https://security-tracker.debian.org/tracker/CVE-2023-38575
    https://www.cve.org/CVERecord?id=CVE-2023-38575
    https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00982.html
[3] https://security-tracker.debian.org/tracker/CVE-2023-22655
    https://www.cve.org/CVERecord?id=CVE-2023-22655
    https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html
[4] https://security-tracker.debian.org/tracker/CVE-2023-28746
    https://www.cve.org/CVERecord?id=CVE-2023-28746
    https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html
    https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/register-file-data-sampling.html

I think we should do a classical top-down approach here, let it first go through unstable. We can decide if we want to postpone it through the point release afterwards or go via a point release.

Regards,
Salvatore